Hi,

I use Samba3/OpenLDAP in production and create my users using similar
scripts, so no it shouldn't be difficult, something like:

#!/bin/sh

samba-tool user add "$1" ..........

echo "dn: cn=$1,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: objectclass
objectclass: shadowaccount
-
add: uidnumber
uidnumber: $2
-
add: gidnumber
gidnumber: $3
-
add: unixhomedirectory
unixhomedirectory: $4
-
add: loginshell
loginshell: $5" > /some/temporary-file

ldbmodify -f /some/temporary-file

rm /some/temporary-file

Please take into account that it is just a very rough example I've put
up in less than a minute.

Regards

Geza

We use Samba3/OpenLDAP in real life too :) When I'm not there, they use the YaST GUI, which has quite a nice point-and-click LDAP user and group module which links to the samba3 schema.

Your echo ...> /some/temporary-file is a good idea. Would you include a default group for the user perhaps? e.g.
samba-tool group addmembers $6 $1
($6 would already exist)

Looking good. Thanks for your time. Will report back.
Cheers,
Steve


Hi Geza, hi everyone.
I had a go at the script. I called it s4user and got it down to 4 parameters:
s4user <cn> <uid> <gid> <windows-group>

chmod +x s4user
cat s4user
#!/bin/sh
echo "Creating s4 posix user $1"
echo "Pls enter pwd for $1"
samba-tool user add "$1"
echo "dn: cn=$1,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: uidnumber
uidnumber: $2
-
add: gidnumber
gidnumber: $3
-
add: unixhomedirectory
unixhomedirectory: /home/CACTUS/$1
-
add: loginshell
loginshell: /bin/bash" > "$1"
#ldbmodify -f /some/temporary-file
ldapmodify -h 192.168.1.3 -D cn=Administrator,cn=Users,dc=hh3,dc=site -f "$1" -Y GSSAPI
samba-tool group addmembers "$4" "$1"
mkdir "/home/CACTUS/$1"
chown "$1:$4" "/home/CACTUS/$1"

./s4user steve6 3000030 2000 suseusers
Creating s4 posix user steve6
Pls enter pwd for steve6
New Password:
User 'steve6' created successfully
SASL/GSSAPI authentication started
SASL username: administra...@hh3.site
SASL SSF: 56
SASL data security layer installed.
modifying entry "cn=steve6,cn=Users,dc=hh3,dc=site"
Added members to group suseusers
hh3:/home/steve # exit
exit
steve@hh3:~> su steve6
Password:
Warning: Your password will expire in 41 days on Tue 20 Mar 2012 14:52:02
CET
steve6@hh3:/home/steve> cd ../CACTUS/steve6
steve6@hh3:~> touch hola
steve6@hh3:~> ls -la
total 12
drwxr-xr-x  2 steve6 suseusers 4096 Feb  7 14:53 .
drwxr-xr-x 10 root   root      4096 Feb  7 14:52 ..
-rw-r--r--  1 steve6 suseusers    0 Feb  7 14:53 hola
-rw-------  1 steve6 suseusers   48 Feb  7 14:52 .xauthoa0jlX
steve6@hh3:~>

Yeah!
I need to tidy the script up a bit and maybe put some stuff in like checking for the nslcd pid and put a 'usage:' message.

Just a couple of qns.
1. I couldn't get ldbmodify to work, which is why I used ldapmodify instead. Any idea of the syntax?
2. This now bypasses winbind completely. I just happened to use a uid in the range that winbind uses. Are there any rules for choosing uid numbers?
4. Is there an easy way to find the next free uid or reuse one from a deleted user?
Cheers,
Steve
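
The scripts in this thread paste their positional parameters straight into a DN, an LDIF record and a file path. The following is an added example, not code from any poster in the thread, that validates the arguments first and writes the LDIF to a private temporary file. The function names and the accepted account-name alphabet are assumptions; the base DN, home root and attributes are the ones used above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
BASE_DN="cn=Users,dc=hh3,dc=site"   # base DN used in the thread
HOME_ROOT="/home/CACTUS"            # home root used in the thread

# Assumed conservative alphabet: a name can never carry a newline, comma,
# '=' or '/' into the DN, the LDIF record or the home directory path.
valid_name() {
    case "$1" in
        ""|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# uidnumber/gidnumber must be plain decimal digits.
valid_id() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
}

# Print the modify record on stdout; return 1 with no output on bad input.
make_posix_ldif() {
    valid_name "$1" && valid_id "$2" && valid_id "$3" || return 1
    cat <<EOF
dn: cn=$1,$BASE_DN
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: uidnumber
uidnumber: $2
-
add: gidnumber
gidnumber: $3
-
add: unixhomedirectory
unixhomedirectory: $HOME_ROOT/$1
-
add: loginshell
loginshell: /bin/bash
EOF
}

# Write the record to an unpredictable, owner-only file and print its path.
write_posix_ldif() {
    ( umask 077
      tmp=$(mktemp "${TMPDIR:-/tmp}/s4user.XXXXXX") || exit 1
      make_posix_ldif "$1" "$2" "$3" > "$tmp" || { rm -f "$tmp"; exit 1; }
      printf '%s\n' "$tmp" )
}
```

The path printed by write_posix_ldif can be given to ldapmodify -f in place of the file named after the user, and removed afterwards.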
